Improve tests in cadi-core
[aaf/authz.git] / cadi / core / src / main / java / org / onap / aaf / cadi / lur / LocalLur.java
index c1a27fa..0f9adb9 100644 (file)
@@ -7,9 +7,9 @@
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
  * You may obtain a copy of the License at
- * 
+ *
  *      http://www.apache.org/licenses/LICENSE-2.0
- * 
+ *
  * Unless required by applicable law or agreed to in writing, software
  * distributed under the License is distributed on an "AS IS" BASIS,
  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
@@ -38,10 +38,9 @@ import org.onap.aaf.cadi.User;
 import org.onap.aaf.cadi.Access.Level;
 import org.onap.aaf.cadi.config.Config;
 
-
 /**
  * An in-memory Lur that can be configured locally with User info via properties, similar to Tomcat-users.xml mechanisms.
- * 
+ *
  * @author Jonathan
  *
  */
@@ -50,120 +49,69 @@ public final class LocalLur extends AbsUserCache<LocalPermission> implements Lur
        public static final String COLON = "\\s*:\\s*";
        public static final String COMMA = "\\s*,\\s*";
        public static final String PERCENT = "\\s*%\\s*";
-       
+
        // Use to quickly determine whether any given group is supported by this LUR
        private final Set<String> supportingGroups;
-       private String supportedRealm; 
-       
+       private String supportedRealm;
+
        /**
         * Construct by building structure, see "build"
-        * 
+        *
         * Reconstruct with "build"
-        * 
-        * @param userProperty
-        * @param groupProperty
+        *
+        * @param userProperties
+        * @param groupProperties
         * @param decryptor
         * @throws IOException
         */
-       public LocalLur(Access access, String userProperty, String groupProperty) throws IOException {
+       public LocalLur(Access access, String userProperties, String groupProperties) throws IOException {
                super(access, 0, 0, Integer.MAX_VALUE);  // data doesn't expire
                supportedRealm = access.getProperty(Config.BASIC_REALM, "localized");
-               supportingGroups = new TreeSet<String>();
-               
-               if(userProperty!=null) {
-                       // For each User name...
-                       for(String user : userProperty.trim().split(SEMI)) {
-                               String[] us = user.split(COLON,2);
-                               String[] userpass = us[0].split(PERCENT,2);
-                               String u;
-                               User<LocalPermission> usr;
-                               if(userpass.length>1) {
-                                       if(userpass.length>0 && userpass[0].indexOf('@')<0) {
-                                               userpass[0]=userpass[0] + '@' + access.getProperty(Config.AAF_DEFAULT_REALM,Config.getDefaultRealm());
-                                       }
-
-                                       u = userpass[0];
-                                       byte[] pass = access.decrypt(userpass[1], true).getBytes();
-                                       usr = new User<LocalPermission>(new ConfigPrincipal(u, pass));
-                               } else {
-                                       u = us[0];
-                                       usr = new User<LocalPermission>(new ConfigPrincipal(u, (byte[])null));
-                               }
-                               addUser(usr);
-                               access.log(Level.INIT, "Local User:",usr.principal);
-                               
-                               if(us.length>1) {
-                                       Map<String, Permission> newMap = usr.newMap();
-                                       for(String group : us[1].split(COMMA)) {
-                                               supportingGroups.add(group);
-                                               usr.add(newMap,new LocalPermission(group));
-                                       }
-                                       usr.setMap(newMap);
-                               }
-                       }
+               supportingGroups = new TreeSet<>();
+
+               if (userProperties != null) {
+                       parseUserProperties(userProperties);
                }
-               if(groupProperty!=null) {
-                       // For each Group name...
-                       for(String group : groupProperty.trim().split(SEMI)) {
-                               String[] gs = group.split(COLON,2);
-                               if(gs.length>1) {
-                                       supportingGroups.add(gs[0]);
-                                       LocalPermission p = new LocalPermission(gs[0]);
-                                       // Add all users (known by comma separators)    
-                                       
-                                       for(String grpMem : gs[1].split(COMMA)) {
-                                               // look for password, if so, put in passMap
-                                               String[] userpass = grpMem.split(PERCENT,2);
-                                               if(userpass.length>0 && userpass[0].indexOf('@')<0) {
-                                                       userpass[0]=userpass[0] + '@' + access.getProperty(Config.AAF_DEFAULT_REALM,Config.getDefaultRealm());
-                                               }
-                                               User<LocalPermission> usr = null;
-                                               if(userpass.length>1) {
-                                                       byte[] pass = access.decrypt(userpass[1], true).getBytes();
-                                                       usr = getUser(userpass[0],pass);
-                                                       if(usr==null)addUser(usr=new User<LocalPermission>(new ConfigPrincipal(userpass[0],pass)));
-                                                       else usr.principal=new ConfigPrincipal(userpass[0],pass);
-                                               } else {
-                                                       addUser(usr=new User<LocalPermission>(new ConfigPrincipal(userpass[0],(byte[])null)));
-                                               }
-                                               usr.add(p);
-                                               access.log(Level.INIT, "Local User:",usr.principal);
-                                       }
-                               }
-                       }
+
+               if (groupProperties != null) {
+                       parseGroupProperties(groupProperties);
                }
        }
-       
+
        public boolean validate(String user, CredVal.Type type, byte[] cred, Object state) {
-               User<LocalPermission> usr = getUser(user,cred);
-               switch(type) {
-                       case PASSWORD:
-                               // covers null as well as bad pass
-                               if(usr!=null && cred!=null && usr.principal instanceof ConfigPrincipal) {
-                                       return Hash.isEqual(cred,((ConfigPrincipal)usr.principal).getCred());
-                               }
-                               break;
+               if (cred == null) {
+                       return false;
+               }
+               User<LocalPermission> usr = getUser(user, cred);
+               if (usr == null) {
+                       return false;
+               }
+               // covers null as well as bad pass
+               if ((type == Type.PASSWORD) && (usr.principal instanceof ConfigPrincipal)) {;
+                       return Hash.isEqual(cred, ((ConfigPrincipal)usr.principal).getCred());
                }
                return false;
        }
 
        //      @Override
        public boolean fish(Principal bait, Permission pond) {
-               if(pond == null) {
+               if (pond == null) {
                        return false;
                }
-               if(handles(bait) && pond instanceof LocalPermission) { // local Users only have LocalPermissions
-                               User<LocalPermission> user = getUser(bait);
-                               return user==null?false:user.contains((LocalPermission)pond);
+               if (handles(bait) && pond instanceof LocalPermission) { // local Users only have LocalPermissions
+                       User<LocalPermission> user = getUser(bait);
+                       if (user != null) {
+                               return user.contains((LocalPermission)pond);
                        }
+               }
                return false;
        }
 
        // We do not want to expose the actual Group, so make a copy.
        public void fishAll(Principal bait, List<Permission> perms) {
-               if(handles(bait)) {
+               if (handles(bait)) {
                        User<LocalPermission> user = getUser(bait);
-                       if(user!=null) {
+                       if (user != null) {
                                user.copyPermsTo(perms);
                        }
                }
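Review bot: The rewritten `validate` leaves a stray empty statement after the opening brace (`... instanceof ConfigPrincipal)) {;`), and the comment above it, `// covers null as well as bad pass`, no longer describes that line now that a null `cred` and an unknown user return early. Drop the `;` and reword the comment, for example `// null cred and unknown user are rejected above; only PASSWORD credentials are compared`. The condition uses the unqualified `Type.PASSWORD` while the signature spells the parameter `CredVal.Type`; no import for it is visible in this diff, so confirm it resolves. In the same hunk the constructor Javadoc still lists `@param decryptor`, which is not a parameter, and does not document `access`.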
@@ -174,13 +122,12 @@ public final class LocalLur extends AbsUserCache<LocalPermission> implements Lur
         */
        @Override
        public boolean handles(Principal principal) {
-               return principal!=null && principal.getName().endsWith(supportedRealm);
+               if (principal == null) {
+                       return false;
+               }
+               return principal.getName().endsWith(supportedRealm);
        }
 
-//     public boolean supports(String userName) {
-//             return userName!=null && userName.endsWith(supportedRealm);
-//     }
-//
        public boolean handlesExclusively(Permission pond) {
                return supportingGroups.contains(pond.getKey());
        }
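Review bot: `handles` accepts any principal whose name ends with `supportedRealm`, without checking that the match begins at the realm separator, so a name from a different realm that only shares the suffix is treated as local and then looked up by `fish` and `fishAll`. If the configured realm value never includes the `@` itself (not visible here), anchoring the comparison would close that gap: `return principal.getName().endsWith('@' + supportedRealm);`. A null return from `getName()` would also throw here, so the guard could become `if (principal == null || principal.getName() == null)`.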
@@ -192,5 +139,74 @@ public final class LocalLur extends AbsUserCache<LocalPermission> implements Lur
        public Permission createPerm(String p) {
                return new LocalPermission(p);
        }
+       
+       private void parseUserProperties(String userProperties) throws IOException {
+               // For each User name...
+               for (String userProperty : userProperties.trim().split(SEMI)) {
+                       String[] userInfo = userProperty.split(COLON, 2);
+                       String[] userPass = userInfo[0].split(PERCENT, 2);
+                       String userName = userPass[0];
+
+                       byte[] password = null;
+                       if (userPass.length > 1) {
+                               password = access.decrypt(userPass[1], true).getBytes();
+                               if (userName.indexOf('@') < 0) {
+                                       userName += '@' + access.getProperty(Config.AAF_DEFAULT_REALM, Config.getDefaultRealm());
+                               }
+                       }
+                       User<LocalPermission> usr;
+                       usr = new User<>(new ConfigPrincipal(userName, password));
+                       addUser(usr);
+                       access.log(Level.INIT, "Local User:", usr.principal);
+
+                       if (userInfo.length > 1) {
+                               Map<String, Permission> newMap = usr.newMap();
+                               for (String group : userInfo[1].split(COMMA)) {
+                                       supportingGroups.add(group);
+                                       usr.add(newMap, new LocalPermission(group));
+                               }
+                               usr.setMap(newMap);
+                       }
+               }
+       }
+
+       
+       private void parseGroupProperties(String groupProperties) throws IOException {
+               // For each Group name...
+               for (String group : groupProperties.trim().split(SEMI)) {
+                       String[] groups = group.split(COLON, 2);
+                       if (groups.length <= 1) {
+                               continue;
+                       }
+                       supportingGroups.add(groups[0]);
+                       LocalPermission p = new LocalPermission(groups[0]);
+
+                       // Add all users (known by comma separators)
+                       for (String groupMember : groups[1].split(COMMA)) {
+                               // look for password, if so, put in passMap
+                               String[] userPass = groupMember.split(PERCENT, 2);
+                               String userName = userPass[0];
+                               if (userName.indexOf('@') < 0) {
+                                       userName += '@' + access.getProperty(Config.AAF_DEFAULT_REALM, Config.getDefaultRealm());
+                               }
+
+                               User<LocalPermission> usr = null;
+                               byte[] password = null;
+                               if (userPass.length > 1) {
+                                       password = access.decrypt(userPass[1], true).getBytes();
+                               }
+                               usr = getUser(userName, password);
+                               if (usr == null) {
+                                       usr = new User<>(new ConfigPrincipal(userName, password));
+                                       addUser(usr);
+                               }
+                               else {
+                                       usr.principal = new ConfigPrincipal(userName, password);
+                               }
+                               usr.add(p);
+                               access.log(Level.INIT, "Local User:", usr.principal);
+                       }
+               }
+       }
 
 }
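Review bot: In `parseGroupProperties`, a member listed without a `%password` now goes through `getUser(userName, password)` with a null password, and if that returns an existing entry the `else` branch replaces its principal with `new ConfigPrincipal(userName, null)`, discarding a credential set earlier from the user properties. Whether `getUser` matches on a null credential is not visible in this hunk. The removed code always called `addUser` with a fresh `User` in this case, so this is a different code path and deserves its own test. If keeping the existing credential is intended, guard the replacement: `else if (password != null) { usr.principal = new ConfigPrincipal(userName, password); }`. Both helpers also call `.getBytes()` with no charset on the decrypted password, so the stored bytes depend on the platform default; an explicit charset that matches how `cred` is encoded for `validate` would make the comparison stable.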